Signature Detail
Short Name |
HTTP:STC:ACTIVEX:MCAFEE-FREESCN |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
McAfee FreeScan Unsafe ActiveX Control |
Release Date |
2004/04/14 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: McAfee FreeScan Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability against McAfee FreeScan software running inside a Web browser. Attackers can gather important information, such as the current user or the full path to sensitive directories, from a remote client.
Extended Description
Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application. Norton AntiVirus 2004 is prone to this vulnerability.
Affected Products
- Symantec Norton AntiVirus 2004
References
- BugTraq: 10392
- CVE: CVE-2004-1908
- CVE: CVE-2004-0487
- URL: http://theinsider.deep-ice.com/texts/advisory54.txt
- URL: http://www.kb.cert.org/vuls/id/312510